Legal claims defining the scope of protection, as filed with the USPTO.
1. A profile installation method of a server for a terminal having an embedded security module, the method comprising: receiving, from a profile provision server, a first message to request a profile registration, the first message including a digital certificate; receiving, from the terminal, a second message to request a profile, the second message including an identifier of the embedded security module; transmitting, to the terminal, the digital certificate; receiving, from the terminal, a session key encrypted based on the digital certificate; transmitting, to the profile provision server, the encrypted session key; receiving, from the profile provision server, an encrypted profile corresponding to the second message, the encrypted profile generated based on the encrypted session key; and transmitting, to the terminal, the encrypted profile.
2. The method of claim 1 , further comprising performing mutual authentication, after receiving the second message, with the terminal using at least one of ID/password, secret key, or the digital certificate.
3. The method of claim 1 , further comprising: wherein the first message includes the identifier of the embedded security module; and storing information including at least one of identity information of the profile provision server, the identifier of the embedded security module, or the digital certificate.
4. The method of claim 1 , wherein the encrypted session key is decrypted with a private key paired with a public key included in the digital certificate; and wherein the profile is encrypted with the decrypted session key.
5. A profile installation method of a profile provision server for a terminal including an embedded security module, the method comprising: transmitting, to a profile management server, a first message to request a profile registration, the first message including a digital certificate; generating a profile corresponding to an identifier of the embedded security module; receiving, from the profile management server, a session key of the terminal that is encrypted based on the digital certificate; encrypting the profile based on the encrypted session key in response to a second message to request a profile; and transmitting the encrypted profile.
6. The method of claim 5 , wherein encrypting the profile comprises: decrypting the encrypted session key to acquire the session key; and encrypting the profile with the session key.
7. The method of claim 5 , wherein transmitting the encrypted profile comprises transmitting a verification value for the profile along with the encrypted profile.
8. The method of claim 5 , further comprising: receiving an identifier of the embedded security module from the terminal; and transmitting the first message further including an identifier of the embedded security module.
9. The method of claim 8 , wherein transmitting the first message comprises: transmitting the identifier of the embedded security module to an address resolution server; and receiving an address of the profile provision server that is mapped to the identifier of the embedded security module from the address resolution server.
10. The method of claim 5 , further comprising: decrypting the encrypted session key with a private key paired with a public key included in the digital certificate; and encrypting the profile with the decrypted session key.
11. A profile management server for installing a profile in a terminal having an embedded security module, the profile management server comprising: a communication module for data communication with the terminal; and a controller configured to control the communication module to: receive, from a profile provision server, a first message to request a profile registration, the first message including a digital certificate; receive, from the terminal, a second message to request a profile, the second message including an identifier of the embedded security module; transmit, to the terminal, the digital certificate; receive, from the terminal, a session key encrypted based on the digital certificate; transmit, to the profile provision server, the encrypted session key; receive, from the profile provision server, an encrypted profile corresponding to the second message, the encrypted profile generated based on the encrypted session key; and transmit the encrypted profile to the terminal.
12. The profile management server of claim 11 , wherein the controller is configured to perform mutual authentication with the terminal using at least one of an ID/password, a secret key, or the digital certificate.
13. The profile management server of claim 11 , further comprising a storage configured to store at least one profile, wherein the controller is configured to control storing, when the first message including the identifier of the embedded security module is received from the profile provision server through the communication module, information including at least one of identity information of the profile provision server, the identifier of the embedded security module, or the digital certificate.
14. The profile management server of claim 11 , wherein the encrypted session key is decrypted with a private key paired with a public key included in the digital certificate; and wherein the profile is encrypted with the decrypted session key.
15. A profile provision server for installing a profile in a terminal having an embedded security module, the profile provision server comprising: a communication module for data communication with the terminal; a storage configured to store at least one profile; and a controller configured to: control the communication module to transmit, to a profile management server, a first message to request a profile registration, the first message including a digital certificate; generate a profile corresponding to an identifier of the embedded security module; control the communication module to receive, from the profile management server, a session key of the terminal that is encrypted based on the digital certificate; encrypt the profile based on the encrypted session key in response to a second message to request a profile; and control the communication module to transmit the encrypted profile.
16. The profile provision server of claim 15 , wherein the controller is configured to: decrypt, when a session key of the terminal that is encrypted with the digital certificate is received through the communication module, the encrypted session key to acquire the session key, and encrypt the profile with the session key.
17. The profile provision server of claim 15 , wherein the controller is configured to control the communication module to transmit a verification value for the profile along with the encrypted profile.
18. The profile provision server of claim 15 , wherein the controller is configured to control the communication module to: receive an identifier of the embedded security module from the terminal, and transmit the first message further including an identifier of the embedded security module.
19. The profile provision server of claim 18 , wherein the controller is configured to control the communication module to: transmit the identifier of the embedded security module to an address resolution server, and receive an address of the profile provision server that is mapped to the identifier of the embedded security module.
20. The profile provision server of claim 15 , wherein the controller is configured to: decrypt the encrypted session key with a private key paired with a public key included in the digital certificate; and encrypt the profile with the decrypted session key.
Unknown
March 20, 2018
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.